@zerothreatai/vulnerability-registry 3.0.0 → 4.0.0
- package/dist/categories/authentication.js +17 -0
- package/dist/categories/configuration.js +501 -0
- package/dist/categories/injection.js +34 -0
- package/dist/categories/sensitive-paths.js +84 -0
- package/dist/categories/ssrf.js +11 -0
- package/dist/categories/xss.js +15 -0
- package/dist/category.d.ts +6 -0
- package/dist/category.js +15 -0
- package/dist/error-codes.d.ts +20 -0
- package/dist/error-codes.js +20 -0
- package/dist/index.d.ts +9 -1
- package/dist/index.js +5 -1
- package/dist/scanner.d.ts +6 -0
- package/dist/scanner.js +22 -0
- package/dist/types.d.ts +2 -0
- package/dist-cjs/categories/authentication.js +17 -0
- package/dist-cjs/categories/configuration.js +501 -0
- package/dist-cjs/categories/injection.js +34 -0
- package/dist-cjs/categories/sensitive-paths.js +84 -0
- package/dist-cjs/categories/ssrf.js +11 -0
- package/dist-cjs/categories/xss.js +15 -0
- package/dist-cjs/category.js +18 -0
- package/dist-cjs/error-codes.js +20 -0
- package/dist-cjs/index.js +7 -1
- package/dist-cjs/scanner.js +25 -0
- package/package.json +1 -1
- package/src/categories/authentication.js +54 -40
- package/src/categories/authentication.ts +134 -117
- package/src/categories/configuration.js +990 -114
- package/src/categories/configuration.ts +1625 -1104
- package/src/categories/injection.js +105 -74
- package/src/categories/injection.ts +129 -95
- package/src/categories/sensitive-paths.js +255 -174
- package/src/categories/sensitive-paths.ts +84 -0
- package/src/categories/ssrf.js +36 -28
- package/src/categories/ssrf.ts +11 -0
- package/src/categories/xss.js +47 -35
- package/src/categories/xss.ts +15 -0
- package/src/category.ts +16 -0
- package/src/error-codes.d.ts +38 -0
- package/src/error-codes.js +41 -6
- package/src/error-codes.ts +25 -5
- package/src/index.js +33 -48
- package/src/index.ts +20 -14
- package/src/scanner.ts +23 -0
- package/src/types.d.ts +2 -0
- package/src/types.js +1 -2
- package/src/types.ts +4 -2
- package/zerothreatai-vulnerability-registry-4npm .0.0.tgz +0 -0
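--- a/package/dist/categories/authentication.js
+++ b/package/dist/categories/authentication.js
@@ -14,6 +14,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'JWT Vulnerability - None Algorithm Attack',
 description: 'Critical JWT vulnerability where the server accepts tokens with "alg": "none" in the header, allowing attackers to forge valid tokens without knowing the secret key by simply removing the signature and modifying claims to impersonate any user including administrators.',
 severity: 'critical',
+levelId: 1,
 category: 'authentication',
 scanner: 'jwt',
 cvss: {
@@ -35,6 +36,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'JWT Vulnerability - Weak Secret Key',
 description: 'JWT implementation using a weak or common secret key for HMAC signature verification that can be brute-forced or found in common secret dictionaries, allowing attackers to forge arbitrary valid tokens and bypass authentication to access any user account.',
 severity: 'high',
+levelId: 2,
 category: 'authentication',
 scanner: 'jwt',
 cvss: {
@@ -56,6 +58,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'JWT Vulnerability - Algorithm Confusion Attack',
 description: 'JWT key confusion vulnerability where the server public key can be used as an HMAC secret by switching the algorithm from RS256 to HS256, allowing attackers to forge valid tokens using the publicly available key to generate valid HMAC signatures.',
 severity: 'critical',
+levelId: 1,
 category: 'authentication',
 scanner: 'jwt',
 cvss: {
@@ -80,6 +83,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'Broken Access Control - Anonymous Access',
 description: 'Critical broken access control vulnerability where authenticated endpoints can be accessed without any authentication by simply removing auth headers or cookies, exposing sensitive functionality and data to unauthenticated attackers without any credential requirement.',
 severity: 'high',
+levelId: 2,
 category: 'access_control',
 scanner: 'broken-access',
 cvss: {
@@ -101,6 +105,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'Broken Access Control - Insecure Direct Object Reference',
 description: 'IDOR vulnerability where users can access or modify resources belonging to other users by manipulating predictable identifiers like sequential IDs in URLs or request parameters, without proper authorization checks verifying resource ownership.',
 severity: 'high',
+levelId: 2,
 category: 'access_control',
 scanner: 'broken-access',
 cvss: {
@@ -122,6 +127,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'Broken Access Control - Vertical Privilege Escalation',
 description: 'Vertical privilege escalation vulnerability allowing regular users to access or perform administrative functions by directly accessing admin endpoints or manipulating role/permission parameters, bypassing role-based access controls to gain elevated privileges.',
 severity: 'critical',
+levelId: 1,
 category: 'access_control',
 scanner: 'broken-access',
 cvss: {
@@ -146,6 +152,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'Mass Assignment - Role Escalation',
 description: 'Mass assignment vulnerability allowing attackers to escalate privileges by including additional parameters like "role", "isAdmin", or "permissions" in requests that the application binds to user objects without proper allowlist filtering of settable fields.',
 severity: 'high',
+levelId: 2,
 category: 'access_control',
 scanner: 'model-state',
 cvss: {
@@ -167,6 +174,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'Mass Assignment - Prototype Pollution',
 description: 'JavaScript prototype pollution vulnerability through mass assignment where attackers inject __proto__ or constructor.prototype properties that modify the Object prototype globally, potentially leading to denial of service, security bypass, or remote code execution.',
 severity: 'high',
+levelId: 2,
 category: 'access_control',
 scanner: 'model-state',
 cvss: {
@@ -188,6 +196,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'JWT Vulnerability - Expired Token Accepted',
 description: 'JWT implementation does not properly validate token expiration (exp claim), accepting expired tokens that should be rejected. This allows attackers with previously captured tokens to reuse them indefinitely, maintaining unauthorized access without credential updates.',
 severity: 'medium',
+levelId: 3,
 category: 'authentication',
 scanner: 'jwt',
 cvss: {
@@ -209,6 +218,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'JWT Vulnerability - Missing Required Claims',
 description: 'JWT tokens are missing critical security claims like exp (expiration), iat (issued at), nbf (not before), or iss (issuer), reducing the security guarantees of the token system and potentially allowing token reuse, replay attacks, or cross-tenant access.',
 severity: 'medium',
+levelId: 3,
 category: 'authentication',
 scanner: 'jwt',
 cvss: {
@@ -230,6 +240,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'Broken Access Control - Horizontal Privilege Escalation',
 description: 'Horizontal privilege escalation vulnerability where authenticated users can access data or perform actions belonging to other users at the same privilege level by manipulating user identifiers, object references, or session parameters without ownership verification.',
 severity: 'high',
+levelId: 2,
 category: 'access_control',
 scanner: 'broken-access',
 cvss: {
@@ -251,6 +262,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'Mass Assignment - Hidden Field Manipulation',
 description: 'Mass assignment vulnerability where attackers can modify hidden form fields or server-side computed values like price, discount, userId, or timestamp by including them in request bodies, bypassing UI restrictions to manipulate business logic or data integrity.',
 severity: 'medium',
+levelId: 3,
 category: 'access_control',
 scanner: 'model-state',
 cvss: {
@@ -272,6 +284,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'JWT - Claim Tampering',
 description: 'JWT claim tampering vulnerability where attackers can modify token claims such as roles, user IDs, or permissions and the server accepts the tampered token, enabling privilege escalation or unauthorized access.',
 severity: 'high',
+levelId: 2,
 category: 'authentication',
 scanner: 'jwt',
 cvss: {
@@ -293,6 +306,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'JWT - KID Header Injection',
 description: 'JWT key identifier (kid) injection vulnerability where attackers manipulate the kid header to influence key selection or file paths, potentially bypassing signature verification or loading attacker-controlled keys.',
 severity: 'high',
+levelId: 2,
 category: 'authentication',
 scanner: 'jwt',
 cvss: {
@@ -314,6 +328,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'JWT - JKU Header Injection',
 description: 'JWT JKU (JWK Set URL) header injection vulnerability where attackers can control the URL used to fetch signing keys, allowing them to supply their own keys and forge valid tokens.',
 severity: 'high',
+levelId: 2,
 category: 'authentication',
 scanner: 'jwt',
 cvss: {
@@ -335,6 +350,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'JWT - Embedded JWK Injection',
 description: 'JWT embedded JWK vulnerability where attackers include their own JWK in the token header and the server accepts it as a trusted signing key, enabling forged tokens and authentication bypass.',
 severity: 'high',
+levelId: 2,
 category: 'authentication',
 scanner: 'jwt',
 cvss: {
@@ -356,6 +372,7 @@ export const AUTH_VULNERABILITIES = {
 title: 'JWT - X5C Header Injection',
 description: 'JWT x5c header injection vulnerability where attackers provide an untrusted certificate chain, allowing them to influence key selection or bypass signature validation if certificate trust is not strictly enforced.',
 severity: 'high',
+levelId: 2,
 category: 'authentication',
 scanner: 'jwt',
 cvss: {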
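Review bot: The added `levelId` is a second, hand-written encoding of `severity`: in all 17 visible entries `critical` carries 1, `high` carries 2 and `medium` carries 3, and nothing in these hunks ties the two fields together. A consumer that sorts, filters or gates findings on `levelId` will mis-rank an entry as soon as one field is edited without the other; the 'Broken Access Control - Anonymous Access' entry already shows how easily a rating drifts, since its description opens with "Critical" while `severity` is `'high'` and `levelId` is 2. I would document the scale where the field is declared, for example `// levelId: numeric severity rank, 1 = critical, 2 = high, 3 = medium`, and add a registry test that checks every entry, along the lines of `assert.equal(v.levelId, SEVERITY_LEVEL[v.severity])`, where `SEVERITY_LEVEL` is a placeholder name for one shared map. This file appears to be build output, so the change presumably belongs in the TypeScript source it is compiled from; each entry's object literal starts and ends outside its hunk.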